Finding upper bounds of component instances with deallocation beyond local scope

Bạn đang xem bản rút gọn của tài liệu. Xem và tải ngay bản đầy đủ của tài liệu tại đây (6.58 MB, 10 trang )

(1)<div class='page_container' data-page=1>

VNƯ Journal of Science, N atural ScicncGS and Technology 24 (2008) 82-91

Finding upper bounds of component instances

with deallocation beyond local scope

Hoang A. Truong

College o f Technology, VNU, 144 Xuan Thuy Road, Cau Giay District, Hanoi, Vietnam

Received 31 O ctober 2007

A b stra c t. W e develop an abstract com ponent language and a static type system that can tells us
the m axim um resources a program m ay use. We prove that the upper resource bound is sharp and
we point out a polynom ial algorithm that can infer the sharp bound. Know ing the maximal
resources a program m ay request allows us to adjust resource usage o f the program and to prevent
it from raising exceptions or behaving unexpectedly on system s that do not have enough resources.
This work extends our previous w orks in one crucial point: the deallocation prim itive can free an
instance beyond its local scope. This sem antics m akes the language m uch closer to practical ones.

1. In tro d u c tio n

Any softw are program needs resources to

run. These resources can be physical

components such as m em ory or com m unication
ports, or they can be virtual com ponents o f the
operating system or the underlying runtime
machine such as file handles or TC P/IP sockets.
As most o f these resources are lim ited, any
computer program should be prepared for the

out-of-resource situation at runtim e.

There are several solutions to the problem ,
ranging from dynam ic checking, testing to
static analysis. Runtim e checking for failure
every time the progi'am requests for a resource
is costly. These dynamic checks increase the
program size and reduce its perform ance. On
embedded and handheld devices only a small
overhead is significant. Even w hen the dynam ic
checks are inserted, the program still stops

w orking w hen the system does not have enough
resource. Testing is always necessary, but it
does not cover all possibilities. Furtheim ore,
testing m ay not be applicable for m odem
applications w hich are extensible, com posable
from m odules o f thirdparties and these m odules
can be updated autom atically. The last method
is the best if possible. It allow s us to detect
potential problem s at com pile time, before the
program is deployed.

C om ponent softw are is built from various
com ponents, possibly developed by third-
parties [1,2]. These com ponents may in turn use
other com ponents and so on. U pon execution,
instances o f these com ponents and their sub-
com pnents are created and discarded. Since
each instance uses some resources, some

com ponents are required to have only a certain
num ber o f sim ultaneously active instances.

In this paper we explore the possibility o f a
type system [3-5], a branch o f static analysis,
E-mail: hoangta@\nu.cdu.vn

</div>
(2)<div class='page_container' data-page=2>

Hoang /4. T m o n g / VNƯ journal o f Science, N atural Sciences nnd Technology 24 (2008) 82-91 83

w hich allows one to detect statically w hether or 
not the num ber o f sim ultaneously active
instances o f specific com ponents exceeds the
allowed number. N ote that here we does not
directly control actual resources. Instead we
will abstract them by the num ber o f instances.
U sing types and effects systems [6,7], we can
infer every specific resource by adding
annotations to com ponents using the resource.

This work extended our previous w ork [8]
by allowing the deallocation operate beyond

local store. The simple change in the

operational sem antics requires additional in
form ation in type expressions and some typing
rules also need changes substantially. As it is
unusual to allow deallocation go beyond a
thread, we leave out the parallel com position
for simplicity. The type system can be extended

with the similar rule in [8] if we add the parallel
com position to the language.

Table 1.

The paper is organized as follows. Section 2
introduces the com ponent language and a small-
step operational sem antics. Section 3 defines
types and the typing relation. Section 4 shows
several im portant properties o f the system,
am ong them are type soundness and sharpness
o f resource bounds. Last, Section 5 concludes.

2. A c o m p o n en t la n g u ag e

2.7. Syntax

C om ponent program s, declarations and
expressions are defined in Table 2.1. We use
extended B ackus-N aur F om i w ith infix I for
choice and overlining for K leene closure (zero
or more iterations).

I

Syntax
1

ì^nHỊ Proizrain

D r d s D eclaratio n s

/■; H xprcssiiin

1 (■ Hmptv

n e v .r In stan tiatio n

d e l . r D eallo catio n

i { E ^ E ] C h o ice

\ Scopc

1 E E S cq u cn cin u

Com ponent nam es, ranged over by X, y, z,

are collected in a set

c.

Com ponent

expressions, ranged over h y A, E, can be 
empty expressions - used for startup, or they
can be formed by tw o prim itives new and d e l
for creating and deleting an instance o f a
component, respectively, or they can be
assem bled by three com position operators:

choice, denoted by +, scope, denoted by {}, and
sequencing denoted by juxtaposition.

</div>
(3)<div class='page_container' data-page=3>

84 H oang A . T ruong Ị V N U journal o f Science, N atural Sciences and Technology 24 (2008) 82-91

body an em pty expression X ^ e . A prim itive 
com ponent is the one that does not depend on
any other com ponents, so it can be used to
represent som e specific resource such as a serial
com m unication port.

A com ponent program is defined by a list o f
com ponent declarations follow ed by a main
expression, w hich w ill be the startup expression
w hen the program is executed.

2.2. O perational sem antics

T able 2.2 defines form ally the operational
sem antics by a transition system betw een
configurations. A configuration is a stack o f
pairs o f a m ultiset and an expression. A con
figuration is term inal if it has the fo n n (A/, e). 
W e denote a stack S T o f n elem ent by (Ml, El)
0 ...0 (Mn, EfJ w here (Ml, Eị) is the bottom,
(Mn, E J is the top o f the stack, and ‘o ’ is the 
stack separator.

Table 2. Transition rules

(o sN ew ) .y < A c D i'cU 
T o ( . \ / . n e y . r i : ) Z o { A f

(o sD el) J- (_ Aíị: and ,r (/ .\íị._ ị ì .... .\/,i

M ị: E'y; Ị o ,, o ( / : )

- T o

(o sC h o ice ) i {1^1?}

{o sP u sh )

^ T o { M . / : } o ( [ ] . . ! )
{osPop}

7 o [ A L E )

By the rules osN ew , osDel, and osC hoice
we only rew rite the pair at the top o f the stack.
The rule osN ew first creates a new instance o f
com ponent X in th e local store. Then i f X is a
prim itive com ponent it continues to execute the
rem aining expression £ ; otherw ise, it continues
to execute A before executing the rem aining 
expression E. T he rule osDel deallocates an 
in sta n c e o f X in th e firs t s to re fro m th e top o f the
stack, if there exists one. If there exists no
in sta n c e o f X in th e w h o le sta c k , th e e x e c u tio n is

stuck. N ote that here we have abstracted away
the specific instance that w ill be deleted. The
rule osC hoice selects a branch to execute and
rules o sP u sh and o sP o p are for the scope
operator.

</div>
(4)<div class='page_container' data-page=4>

Hơí7/i<^> v4. T m o n g / V N U lournaỉ o f Science, N atural Sciences and Technology 24 (2008) 82-91 85

G iv e n a p ro g ra m , a n a tu ra l w a y to in fe r th e
m a x im u m a m o u n t o f a re s o u rc e th at th e
p ro g ra m n e e d s is to a n n o ta te th e u s a g e o f th at
re so u rc e th at e a c h c o m p o n e n t d ire c tly u se s.
T h a i is. vvc h a v e a fu n c tio n fo r e a c h re s o u rc e
th at m ap s e v e ry c o m p o n e n t n a m e to th e a m o u n t
o f th e re so u rc e th a t th e c o m p o n e n t d ire c tly
u se s. T h e n w e c a n ru n th e p ro g ra m a n d
c a lc u la te th e to tal re s o u rc e c o n s u m p tio n o f e a c h
e x e c u tio n sta te b y ta k in g th e su m o f re s o u rc e s
o c c u p ie d b y all e x is tin g in sta n c e s . F o r e x a m p le ,
i f a p ro g ra m h a s fo u r c o m p o n e n ts a, h, c, d an d
c o m p o n e n ts a a n d c e a c h u se s 1K B o f m e m o ry ,

com ponents h and d cach uses 2KB. T hen at the 
state {[b, e, (I, d], E), the program occupies 7KB 
o f m e m o ry .

In the above m ethod, we need to exam ine
all possible states o f the program to know the
m axim um resources that the program needs. In

general, these m ethods are not applicable to
dclcct these m axim a sincc testing all possible
runs is usually im possible due to a possible
exponential num ber o f such runs or circular
dependencies o f com ponents. T he type system
in the next section can tell us the m axim um re
source consum ption for a class o f program s and
it inspires a polynom ial algorithm to find such
an upper bound.

3. A ty p e system

The main purpose o f our type system is to
find out the m axim um num ber o f coexistent
instances that a program can create during the
running o f the program. W e will need the
m axim um num ber for each com ponent, so that
mean we need to find a set o f pair X , n for each 
com ponent .V. This is exactly the notion o f
m ultiset, which is a set with multiple
occurrences o f elem ents. T herefore m ultiset is

the right data structure for storing these m axim a
in a type expression.

A nother im portant aspect o f m ost type

system s is the property so-called

com positionality. That is, type o f an expression

can be com puted from types o f its subexpres
sions. In our language, the choice com position
is not rather straightforw ard since the m axim um
if A-^B is m axim um o f two m axim a o f Ả and 5 , 
while the sequential com position is the m uch
more sophisticated.

W hen com posing A B we need to know the 
m axim um num ber o f instances o f A. D uring the 
running o f B, we need to know the m axim um 
num ber o f instances that A left after its 
execution. So we need another m ultiset. B ut B 
can be a deallocation such as delx, this m ultiset 
should also has negative elem ents. So it needs
to be a sig n ed multiset. A signed m ultiset is a 
m ultiset but with negative occurrences o f
elem ents.

A nother point we need the type system to
be able to detect is the safety o f deallocation.
W hen com posing A B and B m ay have some 
deallocations, then we need to m ake sure that A 
has at least enough instances created so that
deallocation in B can be executed safely. 
Therefore, we need another m ultiset for storing
the m inim um num ber o f instances that B needs 
and this m ultiset will allow B to be com posed 
safely with any A that can create such m inim a.

Last, when an expression A is enclosed in a

scope, {^} will not increase the num ber o f
instances o f after the execution o f [A], but it 
still can delete instances in the environm ent, as
we can see the rule osDel. T he m axim um
deallocation is exactly the safety m ultiset

m entioned in previous paragraph. The

</div>
(5)<div class='page_container' data-page=5>

8 6 H oang A . T n w n g Ị V N U Journal o f Science, N atural Sciences and Technology 24 (2008) 82-91

num ber o f deallocations. Therefore, w e need
tw o safety stores for typing scope expressions.

Types are tuples o f three m ultisets and two
signed m ultisets. W e let range over types.

D efin itio n 3.1. (T ypes). Types o f com ponent 
expressions are tuples

X = (^x\x\x‘, x \ x ‘)

w here X ' , X ' ' , X ’ are m ultisets and

x° ,x'

are sig n ed m ultisets.

M ultisets are denoted by [...], w here sets are

denoted, as usual, by M{x) is the

m ultiplicity o f elem ent X in the m ultiset M and 
M {x) = 0 if X Ể M The operation u is union o f

m ultisets: {M u N){x) = vadx{M{x),N{x)). The 
operation + or 1+) is additive union o f multisets:
{M + A0(-^) = Af(x) + N{x). W e w rite M + X ĩor 
M +[x] a n d w hen X € A/ we w rite M - x ĨOT M -

x]. D om ain o f M , also called support set, 
notation dom(A/), is the set o f elem ents that
occur in M \ dom(A/) = {;c I M {x) 7^ 0}.

Sim ilarly, a signed m ultiset M , also denoted 
by [...], over a set 5 is a m ap from 5 to z , the
set o f integers. F or exam ple, [x, -y, -y] is a 
signed m ultiset w here the m ultiplicity o f X is 1
and the m ultiplicity o f y is -2. Signed m ultisets 
are also called hyb rid set [9]. The analogous
operations o f m ultisets are defined for signed
multisets. M (x) is the m ultiplicity o f X (can be

negative);

M{x)

= 0 w hen X is not an elem ent o f

M , notation X Ể M . L etM , / / b e signed multisets, 
then we have additive union: (M + N)(x) = M(x) 
+ N(x); subfraction: {M - N )(x) = M (x) - N{x)

union: {M u N){x) = max(M(;c), N{x))

intersection: {M n N )(x) = min(M(x), N{x))

inclusion: M c i f M {x) < N {x) for all X € M\

dom ain or support set dom(Ả/) = {x I M (x) Ỷ 0}. 
Last, w e define M be the m ultiset received
from M by rem oving all elem ents w ith positive 
occuưences:

' M i x ) , if M ( x ) < 0
0 ; if M ( x ) > 0
M l { X) —

H aving the m eanings o f each part o f a type,
Table 3 describes all typing rules. Before
looking at that table, w e need to clarify some
term inologies. A basis or typing environm ent is

a list o f declarations: Xj . An

em pty basis is denoted by 0 . Let r , A range

over bases. The dom ain o f a basis

r

= Xj notation

dom(r),

the set {xi,...,xn} .A typing ju d g e m e n t (or ju s t 
ju d g em en t) is a tuple o f the form:

Y \ - E \ X

and it asserts that expression E has type X in the 
environm ent r . A typing ju d g em en t can be
regarded as valid or invalid. V alid ones are

identified by the follow ing definitions.

D efinition 3.2. (V alid typing judgem ents).
Valid typing ju d g e m en ts T A \ X are derived 
by applying the typing rules in Table 3 in the 
usual inductive way.

B y the term usual inductive w ay we mean a
valid judgem ent is one that can be obtained as
the root o f a tree o f judgem ents, w here each

ju d gem ent is obtained from the ones

</div>
(6)<div class='page_container' data-page=6>

H oang A . T ruong / V N U Journal o f Science, N atural Sciences and Technology 24 (2008) 82-91 87

Table 3. Typing rules

Axiom}

(Weaken)

r h .l;.v r h

D:Y

,r Ể

r..r-<£? r .l:.v

{New}

i ' r . l : A ' J - 'ỊÍ domi l'}

r 7 7 K ’.-r- 'nev J'T(

A'

'

-{Del}

r - -4:.v .r e dom(r)

r del7 :([.rjX']. I

[-.(■])

{Seq)

r h . 4 : A ' T h ữ : r Á . D ỹẺ t

Z" = X"

I.j{r" -

x ‘) Z’

= X' U{r' -

X'’)

Z‘ = x> i)

(.V''-*- V''} Z'' = A''^ ---

z' = .Y' ^ V''

“T T ^ i b Tz .. .... ....

(Choice)

r r .l; .v r r

B : ) '

z

= X" UV'"..V' n V\.V'LJ V''..V"ur'',.V' n

Y’

r h

(.1

. B] : Z

(Scope)

r - . 1 : X

r h

A''. -V'. - A''*)

These typing rules deserve som e further

explanation. T he m ost critical rule is Seq
because sequencing tw o expressions can lead to
increase in instances o f the com posed
expression. The first m ultiset o f the type o f an
expression is for the safety o f deallocations in
the expression. First, we 4 still need X ' for the

safety o f deallocations in A. Second, since there 
are at least

x ‘

instances after the execution o f
A, we need at least (y* - x ' ] for the safety o f

B. Therefore, we need X ’ u (y* —

</div>
(7)<div class='page_container' data-page=7>

8 8 H oang A . T ruong / V N U jo urnal o f Science, N atural Sciences and Technology 24 (2008) 82-91

m inim al safety o f deallocations. The third
m u ltis e t is th e m a x im u m in s ta n c e s th a t A B c a n
reach. It can be the m axim um o f A or the 
m a x im a l o u tc o m e o f A to g e th e r w ith the

m axim um o f B. T he rem aining two signed

m ultisets, and are easy referring

to the sem antics o f them.

O ther typing rules are straightforw ard. The
rule Axiom is used for startup. The rule
W eakenB allow s us to extend a basis so that the
rules Seq, Choice m ay be applied. The rule

N e w accum ulates a new instance in type
expression w hile the rule Del reduces by one
instance. In the rule Del, the first tw o multisets
are for the safety o f the deallocation. The third
m ultiset in the type o f d e l X is em pty since it
has no effect to the m axim um in com position,
but the last two m ultisets are both [-x] since del 
X rem oves one X from the environm ent. The 
ju d g em en t r \- A : X in the prem ise o f this rule

only guarantees that the basis r is legal.

N ow w e can define the notion o f w ell-typed 
pro gra m with respect to our type system. 
B asically, a program is w ell-typed if we can
derive a type for the m ain expression o f the
program from a list o f the program declarations.
As m entioned in the Introduction Section 1, we
have an polynom ial algorithm (cf. [9]) which
can autom atically decide w hether a program is
w ell-typed or not.

D efinition 3.3. (W ell-typed programs).

Program P rog = D ecls; E is w ell-typed i f there 
exists a reordering r o f declarations in Decls 
such that T \ - E \X .

4. S o u n d n ess a n d s h a rp n e s s

W e state several im portant properties o f the
type system and left out some supporting
properties that are sim ilar as in [8'.

4.1, Soundness properties

O ne o f the m ost im portant properties of
static type system s is the soundness. It states
that w ell-typed program s cannot cause type
eư o rs. In our m odel, type eư o rs occur w hen the
program tries to delete an instance w hich does
not exists or w hen the program tries to
instantiate a com ponent X but there is no
declaration o f X. W e will prove that these two
situations will not happen. Besides, we will
prove an additional im portant property which
guarantees that a w ell-typed program will not
create m ore instances than a m axim um stated in
its type, and the m axim um is sharp.

O ur p ro o f o f the type soundness is based on
the approach o f W right and Felleisen [10]. W e
will prove two m ain lem m as: Preservation and
Progress. The first lem m a states that well-
typedness is preserved under reduction. The
latter guarantees that w ell-typed program s
cannot get stuck, that is, m ove to a nonterm inal
state, from w hich it cannot m ove to another
state. First we need to define w hat a well-typed
configuration means.

D efinition 4.1. (W ell-typed configuration).
C onfiguration T = {Mị, Eị) o ... o {Mn, E„) is
w ell-typed with respect to a basis r , notation 
r N X ỉ/ fo r h = L .n there exists Z/, such that

r r- ú ỉ ì lỊ ỊT|^ ! ' rGt5;;(/ỉ - I) n

where

rets.;i/;} = \ M ị , - ret5_’(/i - Ì ) ~ Z ' l

N ote that we have sim plified the definition
o f rets for trivial cases that vetsj{k) = 0 for 
k > n.

</div>
(8)<div class='page_container' data-page=8>

Honn^ A . T ru o n g / V N U journal o f Science, N atural Sciences and Technology/ 24 (2008) 82-91 89

L e m m a 4.2. (Preservation). ĩ f r ị ^ T and T

T \ t h e n r > T ’

L e m m a 4.3. (Progress). J f r \ = T , ihen either T

is term in a ted or there exists a co n fig u ra tio n T ’
such that T ^ T'.

N ext, we show an invariant w hich allow s us
to infer the resource bounds o f w ell-typed

program s. The invariant is about the

m onotonicity o f the m axim um num ber o f
instances that a w e ll- ty p e d configuration T =

{Ml, £)} 0...0 (A/n, ^n) can reach. W e calculate
the m axim um num ber as follows.

} I

m3xins(Tl = I J m axinsịT./;)

Í, - 1
W here

m a x ín s iT ./í} = [ 7 :i,] • A’/, • reto,;{/j - I } 
re to .;(/0 = \}ỈI: ■ re to .;(/i - 1} - -VJ'; '

W here Xf, IS the type o f E/,. D uring 
transition, this m axim um num ber o f instances
that the configuration can generate does not
increase. Furtherm ore, w hen the m axim um is
not reach for some com ponent, there exists a
next configuration such that the m axim um is
the same. This allow s us to prove the sharpness
o f the type system.

L e m m a 4.4. (Invariant o f m axins). I f Y \ = T 
a n d T -V/-* T ’, then

• maxins (T ) 3 m axins ( T ’)

• ^ rnaxins(T)(z) fo r som e z, 
then there exists T" such that T T"
and m axins(T) = m axins(T")

N ow we can state the type soundness
together with the upper bound o f instances that
a w elltyped program alw ays respects.

T h e o re m 4.5. (Soundness). L et Prog = Decls; 
E be well-typed, that is, r \- E :X f o r som e 
reordering

r

o f Deals an d som e type X. Then 
f o r any T such that ([], E) T we have that

T is not stuck a nd [T] c X .

4.2. Termination and sharpness

Before presenting the sharpness property,
we need to show that any w elltyped program
tenninates in a finite num ber o f steps. The
com m on tool for proving the term ination o f
program s (cf. [11, 5]) is to find a term ination 
fun ctio n w hich m aps program states to a well- 
fo u n d e d set. A w ell-founded set is a set

s

w ith
an ordering > on elem ents o f

s

such that there
can be no infinite descending sequences o f
elem ents. W e choose the set o f natural num bers
N and the usual ordering > to be a w ell-founded

set (N,>). The term ination function m ts is
defined for expressions and for configurations
as follows.

0 . i f /-: = r
1. ii' E — d e l .1'

1 - m ts i'.l) . i r / ỉ = n e v .r . . r —cA (z D ic l^ 
m ts (. l) - m t s ị l i } . if E = À B

'1 * m ts i. l). if E — (.1

</div>
(9)<div class='page_container' data-page=9>

90 H oang A . Truong / V N U jo urnal o f Science, N atural Sciences and Technology 24 (2008) 82-91

The integers 0, 1 and 2 in the definition are
the co ư esp o n d in g steps o f the operational
sem antics. The function is defined for a stack T
= (M u E]) 0 . . . 0 E„) as follows:

Here /2 - 1 is the num ber o f osPop steps.

N ote that, if E is the m ain expression o f a 
w e ll- ty p e d p r o g r a m , th e n

mts(£)

is th e
m axim um ữ an sitio n steps that the program
takes to term inate in any run, not all possible
runs o f the p ro g ram because there m ay be an
exponential n u m ber o f such runs. The following
theorem guarantees the term ination o f any well-

typed program .

T h e o ra m 4.6. (T erm ination)

7. I f T N T a n d T 'N/-* T', then m ts(7) > mts 
( T ’)

2. A w ell-typ ed p rog ra m alw ays term inates 
in a fin ite num ber o f steps.

Last, the sharpness o f the type system
show s that there is a run o f any w elltyped
program such that the m axim um num ber o f
instances reaches the bound expressed in p ro
g ram ’s type.

T h e o re m 4.7 (Sharpness). L et P rog = D ecls; E 
be welltyped, that is, Y h E : X f o r som e
reordering r o f D ecls a n d som e type X. Then 
f o r any z 6 X , there exists a sequence o f
configurations ([],£ )= To T] ... TTn
such that [T](z) = Xi{z).

4.3. Type inference

Type inference is sim ilar to those in our
previous w orks [8 , 9]. W e have a polynom ial

type inference algorithm th at can infer the type
o f a program if there is one, and it reports

failure otherw ise.

5. R e la te d w o rk s a n d c o n clu sio n

There are several other w orks on static and
analysis o f m em ory use. In [12,13] C hin et. Al.
presented a type system that can capture
m em ory bounds o f object-oriented programs.
He provided a fram ew ork in [13] for inferring
abstract size o f program s as exact as possible
(since they used Pres-burger form ulae for size
inform ation). O ur language has an explicit
deallocation prim itive and o u r com putation o f
resource bounds is exact. C rary and W eirich

14] presented decidable type system s for low
level languages w hich are capable o f specifying
and certifying that their program s will term inate
w ithin a given am ount o f tim e, but the type
system does not infer any bounds given by
program m ers. In contrast, out type systems
focus on high level languages and they can infer
the shaq) upper bounds o f resources, Hofmann

15] showed that linear type system s can ensure
that program s do not increase the size o f their
input so that exponential grow th o f immediate
results can be avoided, even with the presence
o f iterated recursion. H is languages are
functional w hile ours are im perative.

W e have presented an absừ act com ponent
language that focuses on tw o prim itives for

m anipulating resources (allocation and

</div>
(10)<div class='page_container' data-page=10>

H oang A . T ru o n g Ị V N U Ịo u r m l o f Science, N atural Sciences and Technology 24 (2008) 82-91 91

shown in our previous works. D ue to space
lim itations, proofs are not included here. W e
plan to p ro v id e a te c h n ic a l r e p o r t th a t c o n ta in s
all proofs.

W e have left out som e features such as
loops, function calls, and recursions to sim plify
the system. A dding finite loops and function
calls w ould not be difficult and w ould not cause
substantial changes to the type systems. W e
plan to consider them in the future.

This w ork was partly supported by the
research project N o. 204006 entitled “M odern
M ethods for B uilding Intelligent System s”
granted by the N ational IT Fundam ental
Research Program o f V ietnam .

R eferen ces

[1]

c.

Szypcrski, “C om ponent Softw are— Beyond
O b jc c t- O riented Program m ing” , A dd iso n -W esley /

A C M Press, 2nd edition, 2002.

[2] T.L. Thai, H.Q. Lam, ‘‘N E T Fram ew ork Essentials”,

A N utshell H andbook. O 'R eilly & Associates, Inc.,

3rd edition, Aug. 2003.

[3] H.p. B arcndregl, ‘‘L am bda Calculi with T ypes”,

O xford V nivertity P ress Vol. 2 (1992) 117.

[4] L. Cardelli, “Type system s” , A C M Comput. Surv., 
28(1) (1996) 263.

[5] B.C. Pierce, editor, “Types and Program m ing
Languages” , M ỈT Press, 2002

[6] F. N ielson, H. R. N ielson, “Type and effcct system s”,
In C orrcct System D esign, Recent Insight and
A dvances, (to H ans Langm aack on the occasion o f
his retirem ent from his professorship at the

U niversity o f Kiel), S pringcr-V criag., London, UK,
(1 9 99)114.

[7] F. Nielson., “A nnotated type and efTect system s”,

A C M Comput. Surv, 28(2) (1996) 344.

[8] H. Truong, M. Bezem, “ F inding resource bounds in
the presence o f explicit deallocation” , ỉn D. V. H ung

and M. Wirsing, editors, ĨC TAC , Lecture N otes in

Com puter Science, Springer, Vol. 3722 (2005) 227.
[9] M. Bezem, H. Truong, “ A type system for the safe in

stantiation o f com ponents”. E lectronic N otes in

Theoretical C om puter Sciencey 97 (2004) 197.

[10] A.K. W right, M. Felleisen, “A syntactic approach to
type soundness”, Inform ation a nd Computation^

115(1) (1994) 38.

[11] N. Dershowitz, z . M anna, “P roving term ination with
m ultiset orderings”, C om m unications o f the AC M , 
2 2 (8 )(1 9 7 9 ) 465.

[12] S. Q. W ei-Ngan Chin, Huu Hai N guyen, M. Rinard,
“ M emory usage verification for 0 0 program s”, ỉn c.

Hankin and Ĩ. Siveroni, editors. The Ỉ2ih 
International Static A nalysis Sym posium (SA S'05),

London, UK, Sept. 2005.

[13] W.N. Chin, s . c . K hoo, “ C alculating sized types”,

H igher-O rder a nd Sym bolic Computation^ 14(2-3)

(2001)261

[14] K. Crazy, D. W alker, G. M o m sett, “Typed m em ory
m anagem ent in a calculus o f capabilities”, In

P O P L '99: Proceedings o f the 26"' A C M SIG PLAN- 
SỈG A C T sym posium on P rinciples o f program m ing 
languages,'N ew Y ork, N Y , U SA , ACM Press (1999)

2 6 1

[15] M. Hofmann, “Linear types and non size-increasing
poly-nom ial lim e com putation” . In LIC S'99: 
P roceedings o f the Ỉ 4 ‘^ A n nual ĨE E E Sym posium on 
Logic in C om puter Science, W ashington. DC, USA,

IEEE C om puter Science, (1999) 464.

[16] A. Syropoulos, “M athem atics o f m ultisets”. In WMF

</div>

Finding upper bounds of component instances with deallocation beyond local scope

Finding upper bounds of component instances

with deallocation beyond local scope

<b>Hoang A. Truong</b>

c.

<i><b>X = (^x\x\x‘, x \ x ‘)</b></i>

<i><b>x° ,x' </b></i>

<i>M{x)</i>

r

dom(r),

<b>Axiom}</b>

<b>(Weaken)</b>

r h .l;.v r h

<i><b>D:Y</b></i>

,r Ể

r..r-<£? r .l:.v

<b>{New}</b>

i ' r . l : A ' J - 'ỊÍ domi l'}

<b>r 7 7 K ’.-r- 'nev J'T(</b>

<i><b>A'</b></i>

<i>'</i>

<i></i>

<b>-{Del}</b>

r - -4:.v .r e dom(r)

r del7 :([.rjX']. I

[-.(■])

<b>{Seq)</b>

<i><b>Z" = X"</b></i>

I.j{r" -

<i><b>x ‘) Z’</b></i>

= X' U{r' -

<i><b>X'’)</b></i>

<i><b>Z‘ = x> i)</b></i>

(.V''-*- V''} Z'' = A''^ ---

z' = .Y' ^ V''

<b>(Choice)</b>

r r .l; .v r r

<i><b>z</b></i>

= X" UV'"..V' n V\.V'LJ V''..V"ur'',.V' n

<i><b>Y’</b></i>

<b>r h </b>

(.1

<i><b> . B] : Z</b></i>

<b>(Scope)</b>

<b>r h </b>

<b>A''. -V'. - A''*)</b>

<i><b>x ‘</b></i>

m3xins(Tl = I J m axinsịT./;)

r

s

s

mts(£)

<b>c. </b>

Tài liệu liên quan

Tài liệu bạn tìm kiếm đã sẵn sàng tải về